RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 14:57:35 +00:00
Code Issues Activity Actions

Browser+WebContent: Fix HTML injection in console functions output

Browse source
This commit is contained in:
Linus Groh 2021-04-18 17:27:00 +02:00
parent a178255a8b
commit e37421bddc
2 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Userland/Applications/Browser/BrowserConsoleClient.cpp
View file

@ -37,7 +37,7 @@ namespace Browser {
JS::Value BrowserConsoleClient::log() JS::Value BrowserConsoleClient::log()
{ {
m_console_widget.print_html(vm().join_arguments()); m_console_widget.print_html(escape_html_entities(vm().join_arguments()));
return JS::js_undefined(); return JS::js_undefined();
} }
@ -46,7 +46,7 @@ JS::Value BrowserConsoleClient::info()
StringBuilder html; StringBuilder html;
html.append("<span class=\"info\">"); html.append("<span class=\"info\">");
html.append("(i) "); html.append("(i) ");
html.append(vm().join_arguments()); html.append(escape_html_entities(vm().join_arguments()));
html.append("</span>"); html.append("</span>");
m_console_widget.print_html(html.string_view()); m_console_widget.print_html(html.string_view());
return JS::js_undefined(); return JS::js_undefined();
@ -57,7 +57,7 @@ JS::Value BrowserConsoleClient::debug()
StringBuilder html; StringBuilder html;
html.append("<span class=\"debug\">"); html.append("<span class=\"debug\">");
html.append("(d) "); html.append("(d) ");
html.append(vm().join_arguments()); html.append(escape_html_entities(vm().join_arguments()));
html.append("</span>"); html.append("</span>");
m_console_widget.print_html(html.string_view()); m_console_widget.print_html(html.string_view());
return JS::js_undefined(); return JS::js_undefined();
@ -68,7 +68,7 @@ JS::Value BrowserConsoleClient::warn()
StringBuilder html; StringBuilder html;
html.append("<span class=\"warn\">"); html.append("<span class=\"warn\">");
html.append("(w) "); html.append("(w) ");
html.append(vm().join_arguments()); html.append(escape_html_entities(vm().join_arguments()));
html.append("</span>"); html.append("</span>");
m_console_widget.print_html(html.string_view()); m_console_widget.print_html(html.string_view());
return JS::js_undefined(); return JS::js_undefined();
@ -79,7 +79,7 @@ JS::Value BrowserConsoleClient::error()
StringBuilder html; StringBuilder html;
html.append("<span class=\"error\">"); html.append("<span class=\"error\">");
html.append("(e) "); html.append("(e) ");
html.append(vm().join_arguments()); html.append(escape_html_entities(vm().join_arguments()));
html.append("</span>"); html.append("</span>");
m_console_widget.print_html(html.string_view()); m_console_widget.print_html(html.string_view());
return JS::js_undefined(); return JS::js_undefined();
@ -94,7 +94,7 @@ JS::Value BrowserConsoleClient::clear()
JS::Value BrowserConsoleClient::trace() JS::Value BrowserConsoleClient::trace()
{ {
StringBuilder html; StringBuilder html;
html.append(vm().join_arguments()); html.append(escape_html_entities(vm().join_arguments()));
auto trace = get_trace(); auto trace = get_trace();
for (auto& function_name : trace) { for (auto& function_name : trace) {
if (function_name.is_empty()) if (function_name.is_empty())

12
Userland/Services/WebContent/WebContentConsoleClient.cpp
View file

@ -81,7 +81,7 @@ void WebContentConsoleClient::clear_output()
JS::Value WebContentConsoleClient::log() JS::Value WebContentConsoleClient::log()
{ {
print_html(vm().join_arguments()); print_html(escape_html_entities(vm().join_arguments()));
return JS::js_undefined(); return JS::js_undefined();
} }
@ -90,7 +90,7 @@ JS::Value WebContentConsoleClient::info()
StringBuilder html; StringBuilder html;
html.append("<span class=\"info\">"); html.append("<span class=\"info\">");
html.append("(i) "); html.append("(i) ");
html.append(vm().join_arguments()); html.append(escape_html_entities(vm().join_arguments()));
html.append("</span>"); html.append("</span>");
print_html(html.string_view()); print_html(html.string_view());
return JS::js_undefined(); return JS::js_undefined();
@ -101,7 +101,7 @@ JS::Value WebContentConsoleClient::debug()
StringBuilder html; StringBuilder html;
html.append("<span class=\"debug\">"); html.append("<span class=\"debug\">");
html.append("(d) "); html.append("(d) ");
html.append(vm().join_arguments()); html.append(escape_html_entities(vm().join_arguments()));
html.append("</span>"); html.append("</span>");
print_html(html.string_view()); print_html(html.string_view());
return JS::js_undefined(); return JS::js_undefined();
@ -112,7 +112,7 @@ JS::Value WebContentConsoleClient::warn()
StringBuilder html; StringBuilder html;
html.append("<span class=\"warn\">"); html.append("<span class=\"warn\">");
html.append("(w) "); html.append("(w) ");
html.append(vm().join_arguments()); html.append(escape_html_entities(vm().join_arguments()));
html.append("</span>"); html.append("</span>");
print_html(html.string_view()); print_html(html.string_view());
return JS::js_undefined(); return JS::js_undefined();
@ -123,7 +123,7 @@ JS::Value WebContentConsoleClient::error()
StringBuilder html; StringBuilder html;
html.append("<span class=\"error\">"); html.append("<span class=\"error\">");
html.append("(e) "); html.append("(e) ");
html.append(vm().join_arguments()); html.append(escape_html_entities(vm().join_arguments()));
html.append("</span>"); html.append("</span>");
print_html(html.string_view()); print_html(html.string_view());
return JS::js_undefined(); return JS::js_undefined();
@ -138,7 +138,7 @@ JS::Value WebContentConsoleClient::clear()
JS::Value WebContentConsoleClient::trace() JS::Value WebContentConsoleClient::trace()
{ {
StringBuilder html; StringBuilder html;
html.append(vm().join_arguments()); html.append(escape_html_entities(vm().join_arguments()));
auto trace = get_trace(); auto trace = get_trace();
for (auto& function_name : trace) { for (auto& function_name : trace) {
if (function_name.is_empty()) if (function_name.is_empty())